Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 12 Sep 2009 15:15:16 +0200
From:      Luigi Rizzo <>
To:        Cypher Wu <>
Subject:   Re: Is there any one who can give me some opinions about the performance bout IPFW?
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Sat, Sep 12, 2009 at 03:05:51PM +0800, Cypher Wu wrote:
> 1. How many rules configured.
> 2. The general traffic supported.
> 3. Hardware platform.
> .......
> I'm thinking to port IPFW to another platform which can support up to
> 10GbE traffic bidirectional and running in user node, any advise will
> be appreciated.

i am not entirely clear on what you want to do or know
but at the end of the dummynet page

there are also some papers (and more data should come in the next
couple of weeks) measuring the performance of ipfw.

On a 2 GHz machine the ipfw overhead alone is 200-500ns per
entry in the firewall, plus another 50ns per rule, and another
30-50ns per additional microinstruction.

Most of the overhead comes from the rest of the protocol stack;
between receive, network stack demux and transmit you can easily
consume between 1.5 and 6-7us per packet on the same hardware,
depending on the OS and driver.


Want to link to this message? Use this URL: <>